ESET Researchers Discovered 13 Apps That Stole Instagram User Credentials

The Google Play Store has a lot of apps currently on its repository, estimated to be over 2.7 million. You can get pretty good apps on the Store that make your smartphone even more useful, but we have also malicious apps that steal user’s data, which is not good at all.

ESET, the company that is known for their antivirus apps on both mobile and desktop discovered 13 new Instagram ‘credential stealers’ on Google Play. These malicious apps were phishing for credentials of Instagram users who had installed them and sent them to a remote server. The apps appeared to have originated in Turkey and altogether, they were installed by upto 1.5 million Instagram users which is rather substantial.

How did they do this? Well apparently they lured people into downloading apps where they promised to raise their follower/likes/comments count. Funny enough, these compromised accounts were used to raise the follower counts of other users.

One of the apps that was featured in the report is called Instagram Followers. It requires people to log in on a screen that looks like Instagram’s login screen. When you enter your credentials, they were sent to the attacker’s server in plain text and the user would find it impossible to log in.

The user gets an error message “incorrect password” which prevents him or her from logging in. The error screen has a note ‘suggesting’ people visit Instagram’s official website to verify which is used to lower suspicion. If the user doesn’t recognize the threat, the hacker is now able to steal the credentials.

Now what happens to the stolen credentials? Well ESET researchers traced the servers connected to these websites and found that they are used to sell various bundles of Instagram popularity boosters.

Upon ESET’s notification, these 13 apps were removed from the Play Store: